https证书如何验证是否生效

原创 吴就业 136 0 2021-10-12

本文为博主原创文章,未经博主允许不得转载。

本文链接:https://wujiuye.com/article/9be7cff97fd34f408bf2df4476707aac

作者:吴就业
链接:https://wujiuye.com/article/9be7cff97fd34f408bf2df4476707aac
来源:吴就业的网络日记
本文为博主原创文章,未经博主允许不得转载。

在做接入器中间件需求时,接入器需要支持cdn通过https协议回源,测试怎么验证证书有没有生效呢?

/etc/hosts文件中添加域名映射,如:

172.18.12.21    www.wujiuye.com

不生效输出如下:

wujiuye@wujiuyedeMacBook-Pro ~ % curl -v https://www.wujiuye.com:45689
*   Trying 172.18.12.21...
* TCP_NODELAY set
* Connected to www.wujiuye.com (172.18.12.21) port 45689 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, certificate unknown (558):
* SSL certificate verification failed
* Closing connection 0
curl: (60) SSL certificate verification failed
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

生效输出如下

wujiuye@wujiuyedeMacBook-Pro ~ % curl -v https://www.wujiuye.com:45689
*   Trying 172.18.12.21...
* TCP_NODELAY set
* Connected to www.wujiuye.com (172.18.12.21) port 45689 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=CN; ST=Guangdong; L=Guangzhou; OU=IT Dept.; O=\U5E7F\U5DDE\U8354\U652F\U7F51\U7EDC\U6280\U672F\U6709\U9650\U516C\U53F8; CN=*.wujiuye.com
*  start date: May  7 09:14:21 2021 GMT
*  expire date: Jun  8 09:14:21 2022 GMT
*  subjectAltName: host "www.wujiuye.com" matched cert's "*.wujiuye.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign RSA OV SSL CA 2018
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: www.wujiuye.com:45689
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Connection: keep-alive
< Server: bfe
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
<
* Connection #0 to host www.wujiuye.com left intact
* Closing connection 0
#后端

声明:公众号、CSDN、掘金的曾用名:“Java艺术”,因此您可能看到一些早期的文章的图片有“Java艺术”的水印。

文章推荐

k8s容器线上排查进程突然挂掉原因

对于线上应用,出现进程自动挂掉的原因,如果可以排除因程序本身原因,那么很大可能性是因为操作系统内存不够用,进程被操作系统kill掉了。

Go项目如何远程调试

远程debug也是排查线上故障的有效手段。容器下受权限限制,需要以root启动进程,并且获得特权模式才可使用。

Java中的中断机制

中断,其实只是jvm用于唤醒因锁竞争、I/O操作、休眠等待被挂起的线程,并设置一个中断标志,我们可以利用这个标志去做一些处理。

新项目从零到一DDD实战思考与总结

本篇笔者以近期的一个项目实战跟大家分享笔者目前对DDD的理解,以及在实战DDD过程中遇到的问题思考与总结,仅个人经验,偏战术设计。

如何将项目打包部署到私有仓库(Nexus)

公司项目使用的是maven,并且不是推送到maven中央仓库,而是推送到私有仓库nexus,本篇将介绍如何将sdk项目打包部署到私有仓库。

写业务系统,更重要的是设计

写业务系统,我们应该更注重设计,好的设计能解决百分之八十的问题。